The European Court of Justice scrapped EU legislation allowing the indiscriminate collection of such communication data in crime-fighting efforts, ruling that the rules were too broad and offered too few privacy safeguards.

"The judgment finds that untargeted monitoring of the entire population is unacceptable," said TJ McIntyre, chairman of Digital Rights Ireland, who filed the original lawsuit.

Other rights groups also hailed a landmark victory for privacy, but governments stressed they still need to access phone records to prevent or investigate serious crimes such as terrorism.

"Data retention for the purpose of investigating serious crimes is necessary and that remains the case," German interior minister Thomas de Maiziere said after the ruling, urging quick agreement on more narrowly defined new legislation.

Germany highlighted the ambivalence towards the directive. The most populous of the EU's 28 nations did not implement it amid court challenges and domestic political differences.

The 2006 legislation required telecommunication firms to store phone calls or some online communication records for at least six months and up to two years. The data typically reveals who was involved in the communication, where it originated, when and how often - but not its content.

Still, the Luxembourg-based court ruled the legislation provided "very precise information on private lives", including daily habits and social relationships that represented a "particularly serious interference with fundamental rights".

The court said the rules must be narrowed down to ensure any privacy infringement will be restricted to "what is strictly necessary" for fighting serious crimes.

Beyond invading privacy, Green European Parliament politician Jan Philipp Albrecht said the data collection also "totally failed to lead to any noticeable improvement in law enforcement".

In an apparent nod to the leaks disclosing US surveillance agencies' alleged mass spying on communication overseas, the EU court also said the legislation's failure to ensure that the storage of communication data was retained within the EU represents a potential breach of the bloc's privacy laws.

Privacy advocates in Ireland and Austria brought cases against national legislation based on the EU directive to their countries' top courts, which in turn sought advice from the Luxembourg judges.